Conditional Access Network

The present invention relates to a method of operating a conditional access
network wherein a provider distributes valuable contents over the network and
end-users are allowed to access such valuable contents, in function of individual
access rights defined by a user license. The invention also relates to a conditional
access component for use in a conditional access network wherein a provider
distributes valuable contents over the network and end-users are allowed to access
such valuable contents in function of individual access rights defined by a user
license.

In a conventional network for the distribution of valuable contents such as Digital
Video Broadcast "DVB", the end-user is provided with a conditional access unit that
is either embedded in a Set-Top-Box or constitutes a pluggable module for
insertion into a Common Interface ("CI") slot of a Set-Top-Box. In either case, the
conditional access unit includes a SmartCard reader for accommodation of a
subscriber card, i.e. a SmartCard (a Chip card) that contains required functionality
and data to control secured access to the valuable contents in conjunction with the
conditional access unit.
Due to general aspects of security, such as the level of protection against
intrusion, and to technical requirements, such as data formats, video resolution
etc., content providers use different conditional access systems, and each
conditional access system requires a specific conditional access component which
the end-user must acquire to gain access to contents distributed with that
particular conditional access system.

The present invention provides a new way to allow an end-user to gain access to
valuable contents distributed in any of a plurality of conditional access systems
with just one conditional access component that has a basic functionality common
to all of the plurality of conditional access systems, and that can be selectively
enabled or disabled for any of the plurality of conditional access systems,
ensuring at least the same level of security as in conventional DVB networks.

The invention as defined in the appended claims will be explained below in
further detail, and exemplary embodiments of the invention are shown in the
appended drawings.

In the drawings:

Fig. 1 is an overall view illustrating the relationship between an end-user side
equipment, a number of conditional access application providers and a license
provider;

Fig. 2 is a block diagram illustrating a head-end conditional access application
enabler framework;

Fig. 3 is a block diagram of a conditional access component;

Fig. 4 is a flowchart illustrating essential steps of a procedure enabling the
conditional access component to access contents received in a transport stream
under a particular conditional access system.
Purpose of the invention:

This invention aims to allow an end-user to be authorized in consuming services 
from several different CA systems with the same device (contrary to the current 
state of the art where the device is linked to the CA). This device is then able to 
host one or more CA applications and one or more related authorizations, at the 
same time. 



Glossary, definition of entities and data:

AACC  Authorized Automatic CA Configuration

ATR  Answer To Reset: data sent by a smart card when it is plugged in

CAAP  (CA application Provider) the entity that permits the secure
download of CAA to the SMC.

CAA  (CA application) the code that runs within the SMC, giving access
to the related CAS services.

CA_ID  Unique identifier of the CAS.

CAS  (CA system) a system that enables an end-user to access payTV
programs.

CAT  CA Table, that contains the CAS descriptors (parameters, data,
scripts ...).

End-user  The people that want to watch the TV and pay for that.

Firmware  all kind of binary code stored in the SMC (e.g. boot, OS,
applications, drivers, ...)

Licence  This element allows the SMC to run legally the related CAA.

LO  (Licence Order) this procedure permits an end-user to acquire
from the LP the right to run a CAA, having then access to its
payTV programs.

LP  (Licence Provider) this entity

LT  Licence Table, that contains the CA Licence descriptors
(parameters, data, scripts, ...).

MMI  Man Machine Interface; a resource provided by the STB to the
SMC to allow it to display data.

Subscription

payTV programs  Programs scrambled under control of a specific CAS.

SC  (Service Channel) a channel that carries parameters (configuration
file, data, scripts) related to each CAS.

Script  a sequence of commands that are executed by the SMC.

SerNo  Serial Number, unique value that identifies an entity (SmCa, SMC,
...).

SMC  Secure MultiCAS Component: it is made of one or more devices; is
a secure one, able to store, run and/or handle applications & data in
a secure way; it means that any element within is protected against
modification and illegal access.

SmCa  Smart Card

SMC keys  secret and/or public data used for security-oriented services (e.g.
integrity, authentication, confidentiality).

TS  Transport Stream

TiSe  (Timing Service) a service that provides right date and time,
available either outside or inside the SMC (e.g. a clock).

Sequence of operations:

1 the end-user buys the component (SMC)
2, 2' in parallel:

2 he retrieves the CA Application that will run on the device
2' he acquires the authorization to use such application
3 he consumes the CA services

The steps 2 and 2' could be made in any order.
Description of the different actions to be considered

1. SMC purchasing

The end-user buys a SMC.
This device does contain at least boot firmware, able to manage security,
handle smart cards, perform secure download, process licences. The SMC
could also embed some other applications such as CAA (one or more). In
terms of data, it could embed one or more licences for one or many CAS.

2. CAA Acquisition

In this part, we develop the process used for acquiring the CA Application
and the parameters needed to configure the CAS and the SMC.
Conditional Access Application means the firmware needed to process the
encrypted A/V data using the different keys and licence in order to deliver a
clear content to the end-user according to its rights.
Three steps must be passed to get a CAA "pending" ready to be activated
inside the SMC: CAA identification, CAA configuration and CAA
acquisition.



CAS identification 



1. The SMC retrieves CAS descriptors by listening to the CAT on the SC
(which is always available to the SMC).
2. Identification is triggered by an event:

- it could be a manual event (through MMI): the user can access
a menu proposing CASs available for the end-user.

- it could be one of the following four events:

  - SmCa insertion: if the user inserts a SmCa into the SMC,
  then a process of automatic CAS identification is launched.
  - Module insertion or Module menu: the Module firmware
  can propose a set of CAAs that are identified as present and
  in the Service Channel, through the CAT.
  - Content triggering, downstream event: if the channel
  selected by the user is protected by a CAS requiring a
  specific CAA not present as valid in the SMC, and if the
  considered CAA conforms to the AACC, then a new CAS
  is automatically identified.
  - Licence presence (means step 2' has already been
  performed): if the licence corresponding to a CAA is
  present and valid in the SMC, then the corresponding CAA
  is identified as required by the CAS to go on to the configuration
  phase.

At this step, the CAS has been chosen.
3. The SMC checks the presence of the corresponding CAA inside it.
4. If the considered CAA is present and conforms to the latest version
(using information coming from the CAT), then the CAA acquisition is
considered as achieved.
5. If the considered CAA is not present or in an older version, then the
CAS identification is complete.

At the end of the CAS identification, the SMC knows CA_ID and may
have CAA.

CAA Configuration

Once identified, the CAA needs a lot of dynamic parameters to be set. The
fact that different CASs can be loaded inside the SMC, added to a need of
adaptation skill to prevent obsolescence of the architecture, implies that the
CAA could come with its parameters through a dedicated specific Service
Channel.

The Service Channel can be a database carried by the downstream, and
containing the following parameters that will allow
- the CAS to be configured and downloaded using for example a script,
- and the SMC itself to be configured to integrate the new CAA.
Some of the parameters can be used by both the CA and the SMC, and can
be:

- the ATR of the SmCa in order to identify it
- the SerNo corresponding to the Smart Card or to the CA to be
downloaded (including e.g. mask features for zoning)
- the script describing the method to be used to download the CAA
firmware (location of data, files locations and their signature ...)
- a reference to the licence needed to unlock the CA.

At the end of the CAA configuration, the SMC knows CA_ID and how
and where it can get the latest version of the CAA.


CAA acquisition

Once identified and configured, the CAA must be acquired by the SMC
(e.g. by a download). At the end of this process, the CAA will be fully
available to the system, but will remain locked until all the rights (especially
the licence) have been checked successfully.

The CAA acquisition can proceed as follows:

1. The CAA can be already present in the SMC, whether because the
system was sold with this CAA inside, or because this CAA was
already acquired (pre-stored) in the system in a previous session. Then
its integrity and validity must be checked, and the acquisition is
considered as ended.

2. The script contained in the Service Channel can be run in order to
download the CAA over the air, setting the tuner on the appropriate
transponder and channel, and filtering the downstream in order to
collect the correct files.

At the end of the CAA acquisition, the SMC has the latest version of the
CAA relative to the CA_ID. The CAA is in a locked state until the
licence and required rights have been checked as valid and up-to-date.

2'. Licence acquisition

2'.0 Description of the licensing system

The CAA enabler Head End (owned by the LP) is:

- a CAA EMM builder,
- an encryption unit (ENC) and
- a database to store information like SMC identifier (SMC id), SMC
addresses and SMC keys in a secure manner.

This Head End component will generate CAA EMMs (used for Licence
transport) in MPEG packet format and send these to the connected
multiplexer (MUX) that also receives Video/Audio data, standard EMM and
ECM, Service Information (SI) and Program Service Information (PSI). In
addition it transmits the CAA EMM Packet Identifier (PID) and the
CA_SYS_ID to the SI/PSI generator.

The task of the SI/PSI generator is to modify the Conditional Access
Table (CAT), i.e. to add a ca_descriptor() containing the CAA EMM PID
and the CA_SYS_ID. The purpose is to signal the CAS where it will find
the CAA EMM stream. The mechanism is identical to the one used for the
EMM play out.
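The head-end side (a ca_descriptor() carrying the CAA EMM PID and the CA_SYS_ID is added to the CAT) and the receiver side (the CAA EMM filter reads the CAT to find that PID) meet in the Conditional Access Table of the MPEG-2 systems standard. The following Go program is an added example written for this page, not code from the patent or from any product: buildCAT assembles a CAT section as an SI/PSI generator would, and parseCAT/findCAAEMMPID read it back as the filter would, checking the section CRC_32 first so that a damaged or altered table is rejected rather than acted on. The CA_SYS_ID 0x1234, the PID 0x0234 and the second CA system 0x0B00/0x0100 are constructed placeholders.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed placeholder values, not taken from the page.
const (
	exampleCASysID   uint16 = 0x1234 // hypothetical CA_SYS_ID of the CAA enabler
	exampleCAAEMMPID uint16 = 0x0234 // hypothetical PID of its CAA EMM stream
)

// ErrBadSection is returned for any CAT section the receiver cannot trust.
var ErrBadSection = errors.New("cat: malformed or CRC-corrupted section")

// caDescriptor holds the two fields of an MPEG-2 ca_descriptor() (tag 0x09).
type caDescriptor struct {
	CASysID uint16
	CAPID   uint16
}

// crc32MPEG2 is the CRC_32 of MPEG-2 PSI sections: polynomial 0x04C11DB7,
// initial value 0xFFFFFFFF, no bit reflection, no final XOR.
func crc32MPEG2(data []byte) uint32 {
	crc := uint32(0xFFFFFFFF)
	for _, b := range data {
		crc ^= uint32(b) << 24
		for i := 0; i < 8; i++ {
			if crc&0x80000000 != 0 {
				crc = (crc << 1) ^ 0x04C11DB7
			} else {
				crc <<= 1
			}
		}
	}
	return crc
}

// parseCAT checks a CAT section (table_id 0x01) and returns its ca_descriptors.
// The whole section is rejected if the header is inconsistent or the CRC_32
// does not verify, so the filter never acts on damaged or altered signalling.
func parseCAT(section []byte) ([]caDescriptor, error) {
	if len(section) < 12 || section[0] != 0x01 || section[1]&0x80 == 0 {
		return nil, ErrBadSection
	}
	sectionLength := int(section[1]&0x0F)<<8 | int(section[2])
	total := 3 + sectionLength
	if sectionLength > 1021 || total > len(section) {
		return nil, ErrBadSection
	}
	// Running the CRC over the section including its CRC_32 yields 0 when intact.
	if crc32MPEG2(section[:total]) != 0 {
		return nil, ErrBadSection
	}
	var descs []caDescriptor
	pos, end := 8, total-4 // descriptor loop sits between the header and the CRC
	for pos < end {
		if pos+2 > end {
			return nil, ErrBadSection
		}
		tag, length := section[pos], int(section[pos+1])
		body := pos + 2
		if body+length > end {
			return nil, ErrBadSection
		}
		if tag == 0x09 && length >= 4 {
			descs = append(descs, caDescriptor{
				CASysID: uint16(section[body])<<8 | uint16(section[body+1]),
				CAPID:   uint16(section[body+2]&0x1F)<<8 | uint16(section[body+3]),
			})
		}
		pos = body + length
	}
	return descs, nil
}

// findCAAEMMPID is the CAA EMM filter's first task: locate the PID on which
// the CAA EMM stream for the wanted CA_SYS_ID is played out.
func findCAAEMMPID(section []byte, caSysID uint16) (uint16, error) {
	descs, err := parseCAT(section)
	if err != nil {
		return 0, err
	}
	for _, d := range descs {
		if d.CASysID == caSysID {
			return d.CAPID, nil
		}
	}
	return 0, fmt.Errorf("cat: no ca_descriptor for CA_SYS_ID 0x%04X", caSysID)
}

// buildCAT assembles a CAT section as a head-end SI/PSI generator would,
// giving the parser CRC-correct constructed input.
func buildCAT(descs []caDescriptor) []byte {
	var loop []byte
	for _, d := range descs {
		loop = append(loop, 0x09, 4, byte(d.CASysID>>8), byte(d.CASysID),
			0xE0|byte(d.CAPID>>8), byte(d.CAPID)) // 3 reserved bits set to '1'
	}
	sectionLength := 5 + len(loop) + 4
	s := []byte{0x01, 0xB0 | byte(sectionLength>>8), byte(sectionLength),
		0xFF, 0xFF, 0xC1, 0x00, 0x00} // reserved bits, version 0, current_next=1
	s = append(s, loop...)
	crc := crc32MPEG2(s)
	return append(s, byte(crc>>24), byte(crc>>16), byte(crc>>8), byte(crc))
}

// sampleCAT signals a conventional CAS (constructed: 0x0B00 on PID 0x0100)
// next to the CAA enabler stream.
func sampleCAT() []byte {
	return buildCAT([]caDescriptor{
		{CASysID: 0x0B00, CAPID: 0x0100},
		{CASysID: exampleCASysID, CAPID: exampleCAAEMMPID},
	})
}

func main() {
	cat := sampleCAT()
	pid, err := findCAAEMMPID(cat, exampleCASysID)
	fmt.Printf("CAA EMM PID 0x%04X, err=%v\n", pid, err)
	cat[10] ^= 0x01 // one flipped bit in the descriptor loop
	_, err = findCAAEMMPID(cat, exampleCASysID)
	fmt.Println("after corruption:", err)
}
```

The CRC check is the point a demultiplexer tends to skip under time pressure; here it is what turns a bit error or an injected table into a hard rejection instead of a tune to the wrong PID.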

On the receiver side, in the SMC, the CAA enabler consists of three
components:

- the CAA EMM filter,
- the verifier (a part of the firmware that is able to check EMM validity) and
- a secure storage to store SMC SerNo, SMC addresses, SMC keys and
control data. This storage area is protected against unauthorized access and
modification.

The CAA EMM filter extracts the CAT from the encrypted transport stream
TS* and analyses it to get the PID where the CAA EMM stream is played
out. The next task is to interpret the CAT to find the CAA EMM which is
addressed to the specific module. If one is found the filter unit sends the
CAA EMM to the verifier.

The verifier uses a SMC key to prove the authenticity of the EMM (e.g. by
using a digital signature feature) and in the case of a successful verification, it
decrypts the CAA EMM. The next step is to process the instructions of the
CAA EMM payload. In the case of an activation the SMC enables e.g. the
descrambler to produce the clear stream TS.
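The filter and verifier steps as an added Go example that is not the patent's own design: the page leaves the authentication and encryption mechanisms open ("e.g. by using a digital signature feature"), so this program stands in AES-256-GCM under the SMC key for both, with the clear SMC address bound as associated data so an EMM cannot be re-addressed. buildCAAEMM is the head-end side, filterAndVerify the receiver side; a tampered, foreign or wrongly keyed EMM is discarded and the descrambler flag for that CA_SYS_ID is left untouched. The EMM layout and the key, nonce, address and CA_SYS_ID values are all constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed CAA EMM layout (an assumption, not the page's format):
// [8-byte SMC address, clear][12-byte nonce][AES-GCM ciphertext || 16-byte tag]
// with an authenticated payload of [2-byte CA_SYS_ID][1-byte instruction].
const (
	addrLen, nonceLen, tagLen = 8, 12, 16
	instrActivate             = 0x01
	instrDeactivate           = 0x02
)

var (
	ErrNotAddressed = errors.New("emm: not addressed to this SMC")
	ErrAuth         = errors.New("emm: authentication failed, EMM discarded")
	ErrFormat       = errors.New("emm: malformed EMM")
	// Constructed sample secrets; a real SMC key lives only in secure storage.
	sampleSMCKey = []byte("constructed-smc-key-0123456789ab") // 32 bytes: AES-256
	sampleNonce  = []byte("nonce-000001")                     // 12 bytes
)

type caaEMM struct {
	CASysID uint16
	Instr   byte
}

// smc is the receiver-side state: own address, SMC key, and the per-CAS
// descrambler enable flags, which start out disabled.
type smc struct {
	addr    [addrLen]byte
	key     []byte
	enabled map[uint16]bool
}

func newSampleSMC() *smc {
	return &smc{addr: [addrLen]byte{0, 0, 0, 0, 0, 0, 0x2A, 0x01}, // constructed
		key: sampleSMCKey, enabled: map[uint16]bool{}}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// buildCAAEMM is the head-end side: encrypt and authenticate the payload under
// the addressed SMC's key, binding the clear address as associated data.
func buildCAAEMM(key, addr, nonce []byte, caSysID uint16, instr byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	header := append(append([]byte{}, addr...), nonce...)
	return gcm.Seal(header, nonce, []byte{byte(caSysID >> 8), byte(caSysID), instr}, addr), nil
}

// filterAndVerify is the receiver side: the filter matches the clear address,
// the verifier authenticates and decrypts with the SMC key, and only a
// verified instruction changes the descrambler state. Any failure drops the
// EMM without enabling anything.
func (s *smc) filterAndVerify(emm []byte) (caaEMM, error) {
	if len(emm) < addrLen+nonceLen+tagLen {
		return caaEMM{}, ErrFormat
	}
	addr, nonce, ct := emm[:addrLen], emm[addrLen:addrLen+nonceLen], emm[addrLen+nonceLen:]
	if !bytes.Equal(addr, s.addr[:]) {
		return caaEMM{}, ErrNotAddressed
	}
	gcm, err := newGCM(s.key)
	if err != nil {
		return caaEMM{}, err
	}
	plain, err := gcm.Open(nil, nonce, ct, addr)
	if err != nil {
		return caaEMM{}, ErrAuth // wrong key, tampered body or swapped address
	}
	if len(plain) != 3 {
		return caaEMM{}, ErrFormat
	}
	e := caaEMM{CASysID: uint16(plain[0])<<8 | uint16(plain[1]), Instr: plain[2]}
	switch e.Instr {
	case instrActivate:
		s.enabled[e.CASysID] = true
	case instrDeactivate:
		s.enabled[e.CASysID] = false
	default:
		return e, ErrFormat
	}
	return e, nil
}

func main() {
	s := newSampleSMC()
	emm, _ := buildCAAEMM(s.key, s.addr[:], sampleNonce, 0x1234, instrActivate)
	_, err := s.filterAndVerify(emm)
	fmt.Println("genuine EMM:", err, "- descrambler enabled:", s.enabled[0x1234])
	emm[len(emm)-1] ^= 0x80 // flip one bit of the authentication tag
	_, err = newSampleSMC().filterAndVerify(emm)
	fmt.Println("tampered EMM:", err)
}
```

A head end would derive a fresh nonce for every EMM and keep the per-SMC keys in the LP's secure database; the fixed nonce here only keeps the sample reproducible.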

2'.1 Licence Identification

The end-user selects manually or automatically, through the SMC, the CAS he
wants to acquire. It leads for the SMC to the knowledge of the CA_ID.
It could be done in different manners:

2'.1.a insertion of the SMC, or service selection: it then triggers a select
feature, through an MMI (e.g. using a menu and the remote control).
2'.1.b insertion of the CA smart card: it then identifies the CA_ID, as it is
embedded in the smart card. This value is sent to the SMC.
2'.1.c content triggering: by choosing himself a channel or a service, the
end-user selects and identifies the CAS.

At the end of this point, the SMC knows the CA_ID.

2'.2 Licence Configuration

The SMC retrieves all parameters (e.g. fees, phone number, SerNo, licence
options) associated to the CA_ID, required for Licence access, in order to
perform the retrieval of the CA-licence. This information can be taken in the
Service Channel (from the LT) or in a fixed database stored in the SMC.

At the end of this point, the SMC knows where and how to access the CA
licence(s).
2'.3 Licence Acquisition

If a return channel exists,

- the end-user processes a request to the LP for the CA-licence; to do that,
the end-user, using config parameters, requests a licence from the LP
(e.g. financial transaction), bringing in the sent data everything
requested by the LP (e.g. SMC SerNo, identity, ...).

- the LP sends the specific licence: after complete payment, the LP
processes data specific to the end-user SMC and the chosen CAA, and
sends them to the SMC (e.g. EMM).

If no return channel exists,

- the end-user buys a prepaid card, embedding a CA-licence

- the licence is downloaded in the SMC, made specific (i.e. the licence is
linked to the SMC SerNo).

- later, when rights are used, the credits in the card are burned.

At the end of this point, the SMC has a licence of use for a specific CAS.



3. Consumption of PayTV programs

The end-user wants to consume programs or services. The CAA
enabler feature requires some additional hardware resources on the head
end component and on the SMC component. This is described in 2'.0.
Here is the sequence:

3.1 the end-user selects a channel or a service he wants to consume

3.2 the SMC checks the corresponding CAA (i.e. CAA(CA_ID(channel))):
(optional) checks presence of the smart card related to the CA
checks that the CAA is not corrupted and locked

3.3 the SMC checks the CA licence:
checks the licence presence
checks the licence parameters are OK (date - by using the TiSe -,
identity, SerNo, ...).

3.4 the SMC runs the CAA.
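Steps 3.2 to 3.4 as one fail-closed check, in an added Go example that is not from the patent: the CAA image is verified against the SHA-256 digest recorded at acquisition, the licence must exist, be bound to this SMC's SerNo and lie within its validity dates according to the TiSe, and only then is the CAA unlocked to run. The SHA-256 integrity check, the licence fields, and the sample serial numbers and dates are assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

var (
	ErrNoCAA     = errors.New("no CAA acquired for this CAS")
	ErrCorrupt   = errors.New("CAA image integrity check failed")
	ErrNoLicence = errors.New("no licence present for this CAS")
	ErrWrongSMC  = errors.New("licence is bound to another SMC SerNo")
	ErrNotValid  = errors.New("licence outside its validity period")
)

// caa is an acquired CA application with the SHA-256 digest recorded when it
// was downloaded or last verified. It stays locked until the licence checks pass.
type caa struct {
	CASysID uint16
	Image   []byte
	Digest  [sha256.Size]byte
	Locked  bool
}

// licence is the SMC-specific licence delivered by the LP (e.g. via EMM).
type licence struct {
	CASysID   uint16
	SMCSerNo  string
	NotBefore time.Time
	NotAfter  time.Time
}

// smcState is what the consumption check needs: own SerNo, acquired CAAs,
// licences, and the TiSe (a clock) supplying the current date and time.
type smcState struct {
	SerNo    string
	CAAs     map[uint16]*caa
	Licences map[uint16]licence
	TiSe     func() time.Time
}

// checkAccess performs steps 3.2 and 3.3 for the CAS protecting the selected
// channel and unlocks the CAA (step 3.4) only if every check passed. Any
// failure leaves the CAA in the locked state, so nothing runs.
func (s *smcState) checkAccess(caSysID uint16) error {
	a, ok := s.CAAs[caSysID]
	if !ok {
		return ErrNoCAA
	}
	a.Locked = true // fail closed: unlock only at the very end
	sum := sha256.Sum256(a.Image)
	if subtle.ConstantTimeCompare(sum[:], a.Digest[:]) != 1 {
		return ErrCorrupt
	}
	lic, ok := s.Licences[caSysID]
	if !ok || lic.CASysID != caSysID {
		return ErrNoLicence
	}
	if subtle.ConstantTimeCompare([]byte(lic.SMCSerNo), []byte(s.SerNo)) != 1 {
		return ErrWrongSMC
	}
	now := s.TiSe()
	if now.Before(lic.NotBefore) || now.After(lic.NotAfter) {
		return ErrNotValid
	}
	a.Locked = false
	return nil
}

// sampleSMCState builds a constructed SMC holding one CAA and one licence;
// all identifiers and dates are placeholders.
func sampleSMCState(now time.Time) *smcState {
	image := []byte("constructed CAA firmware image for CA_SYS_ID 0x1234")
	a := &caa{CASysID: 0x1234, Image: image, Digest: sha256.Sum256(image), Locked: true}
	return &smcState{
		SerNo: "SMC-0000001",
		CAAs:  map[uint16]*caa{0x1234: a},
		Licences: map[uint16]licence{0x1234: {
			CASysID:   0x1234,
			SMCSerNo:  "SMC-0000001",
			NotBefore: time.Date(2002, time.January, 1, 0, 0, 0, 0, time.UTC),
			NotAfter:  time.Date(2002, time.December, 31, 23, 59, 59, 0, time.UTC),
		}},
		TiSe: func() time.Time { return now },
	}
}

func main() {
	s := sampleSMCState(time.Date(2002, time.June, 1, 12, 0, 0, 0, time.UTC))
	fmt.Println("valid licence:", s.checkAccess(0x1234), "locked:", s.CAAs[0x1234].Locked)
	s.CAAs[0x1234].Image[0] ^= 0x01 // a modified CAA image
	fmt.Println("modified CAA:", s.checkAccess(0x1234), "locked:", s.CAAs[0x1234].Locked)
}
```

Injecting the TiSe as a function is what makes the date check testable and also what a real SMC needs: the clock is a trust input, and the page allows it to sit outside the SMC, so the check should never rely on a time source the verifier cannot identify.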
Claims

1. A method of operating a conditional access network wherein a provider
distributes valuable contents over the network and end-users are allowed
to access such valuable contents in function of individual access rights
defined by a user license, characterised in that the valuable contents are
made available to the end-users by way of a plurality of different
conditional access systems, each end-user is provided with a generic
conditional access component having a basic functionality common to all
conditional access systems, and particular conditional access systems are
selectively enabled on each conditional access component subject to a
successful verification of a corresponding license.

2. The method of claim 1, wherein the valuable contents are distributed in a
digital transport stream that contains Entitlement Management Messages
"EMMs" specific to each conditional access system.

3. The method of claim 2, wherein each conditional access component
includes a filter unit for filtering out the specific EMMs of conditional
access systems enabled on the component and a verifier unit for the
verification of access rights defined by the filtered specific EMMs.

4. The method of claim 3, wherein the valuable contents in the transport
stream are scrambled, each conditional access component has a
descrambler adapted to process a scrambled transport stream into a clear
transport stream, and the descrambler is enabled or disabled in function of
a successful or unsuccessful verification, respectively, of the access rights.

5. The method of any of claims 1 to 4, wherein each conditional access
system has an associated application for execution by the conditional
access component.

6. The method of claim 5, wherein applications are downloaded over the
network from a conditional access application provider.
7. The method of any of claims 1 to 6, wherein the network includes service
channels for the transmission of configuration data to the conditional
access components.

8. A conditional access component for use in a conditional access network
wherein a provider distributes valuable contents over the network and
end-users are allowed to access such valuable contents in function of
individual access rights defined by a user license, characterized by a basic
functionality common to a plurality of different conditional access systems
used in the network and an enabling unit selectively enabling or disabling
access by the component to valuable contents of particular conditional
access systems.

9. The conditional access component of claim 8, comprising a memory for
storing at least one conditional access application associated with a
particular conditional access system and means for loading said
application into said memory.

10. The conditional access component of claim 8 or claim 9, the valuable
contents being distributed in a digital transport stream that contains
Entitlement Management Messages "EMMs" specific to each conditional
access system, and comprising a filter unit for filtering out specific EMMs
of conditional access systems enabled on the component and a verifier unit
for the verification of access rights defined by the filtered specific EMMs.
Abstract

In a conditional access network a provider distributes valuable contents such
as digital TV over the network and end-users are allowed to access such valuable
contents in function of individual access rights defined by a user license. The
valuable contents are made available to the end-users by way of a plurality of
different conditional access systems, each end-user is provided with a generic
conditional access component having a basic functionality common to all
conditional access systems, and particular conditional access systems are
selectively enabled on each conditional access component subject to a successful
verification of a corresponding license.




turn 12.04.02 16:36 FAXG3 Nr: 503451 von NVS:FAXG3.I0.0201/089896980 (Seite 17 von 21) 



Fig. 1 (only the figure labels survive): provider, with a Database holding SMC id, SMC keys, SMC addresses and License data; End User STB (the SMC can be embedded in the user STB); optional Return Channel.





Fig. 2

Fig. 3
Fig. 4: Flow chart of CAA enabler on the SMC side

CAA enabler
|
CAA EMM filter extracts CAT from TS* and gets PID of CAA EMM stream
|
CAA EMM filter forwards selected CAA EMM to verifier
|
Verifier checks CAA EMM authenticity with SMC key and decrypts it
|
Verifier sends enable signal to descrambler to allow descrambling of TS*